Modifiable authentication levels in authentication systems for transactions

ABSTRACT

A system and method are provided for authentication. A first request for a transaction is received from a communications device, the first request comprising collation information of a customer to be authenticated and a price of a product or service to be purchased by the customer. An authentication level is set based on the price. A second request is transmitted to a mobile communications device of the customer. Authentication information is received from the mobile communications device, the authentication information comprising identification information of the customer. The authentication information is transmitted to the communications device.

CROSS REFERENCE TO RELATED APPLICATIONS

This application is a Divisional of U.S. application Ser. No. 10/070,221 filed on Aug. 19, 2002 by Takatori et al., which is a U.S. National Phase of PCT application PCT/JP01/05597, filed Jun. 28, 2001, which claims priority to JP Application No. 2000-193957, filed Jun. 28, 2000, which are all incorporated by reference herein in their entireties.

FIELD OF TECHNOLOGY

The present invention relates to a host computer, a mobile communication device, a program and a storage medium for use in an authentication system for supplying various kinds of goods and services.

PRIOR ART

At present, the supply of various kinds of products, including services, via communications lines, such as the supply of Internet contents and transactions at Internet Malls, is rapidly spreading, and the terminals used therein range widely from the personal computer to mobile communication devices, to various kinds of home appliances. That is, it is quite likely that in future, the majority of electronic equipment, service devices, and other equipment will be provided with a function to purchase for-fee products via communications lines.

Moreover, with the increasing popularity of financial services such as credit cards and the like, there are increasingly diverse billing formats and increased convenience for the consumer. These financial services are expected to be combined with mobile communication devices, such as mobile phones, to provide even greater levels of convenience, while, on the other hand, problems such as debit card forgery and theft have arisen.

The situation described above further increases the importance of authenticating customers who have purchased products. Nevertheless, convenience will suffer if complicated operations for authentication are required every time the equipment is used.

The present invention was made in view of the above background, and an object thereof is to provide an authentication system and a host computer, a mobile communication device, a program and a storage medium for the aforementioned system capable of achieving appropriate authentication processing while guaranteeing the maximum convenience for the user, when various kinds of products and services are provided.

DISCLOSURE OF THE INVENTION

In order to achieve the above described object, a host computer as set forth in the present invention is characterized in that it comprises:

a first receiving means for receiving, from a service device, collation information that requests authentication of the party in question;

a second transmitting means for transmitting request information that requests information regarding the authentication to a mobile communication device in response to reception of collation information by said first receiving means;

a second storage means for storing information regarding the authentication of a plurality of persons;

a second receiving means for receiving information regarding authentication from the aforementioned mobile communication device;

a comparing means for comparing information regarding the authentication received by said second receiving means with information regarding authentication stored in the aforementioned second storage means; and

a first transmitting means for transmitting authentication information that authenticates a party in question according to comparison results from said comparing means to the aforementioned service device.

Furthermore, the aforementioned information regarding the authentication is characterized in that it is ID information of a user or personal attributes of a user.

Furthermore, the aforementioned first receiving means is characterized in that it receives information regarding the services provided by the service device, and further comprises an authentication selecting means for selecting an authentication level according to the information regarding said services.

Furthermore, the aforementioned authentication selecting means compares the past service provision history with services to be provided at present and selects the authentication level based on a result of that comparison.

Furthermore, the aforementioned authentication selecting means is characterized in that it selects an authentication level based on at least any one of cost of service, service provision region, service provision frequency and a total sum of money for service provided.

Furthermore, in order to achieve the aforementioned object, the mobile communication device as set forth in the present invention is characterized in that it comprises:

a third receiving means for receiving, from the host computer, request information that requests information regarding authentication;

a first storage means for storing information regarding authentication; and

a third transmitting means for transmitting information regarding authentication, stored in said first storage means, to the aforementioned host computer, in response to the reception of request information by the aforementioned third receiving means.

Furthermore, it is characterized in that it has a fourth transmitting means for transmitting information regarding authentication to the service device.

Furthermore, the aforementioned third transmitting means is characterized in that it selectively transmits, to the aforementioned host computer, the type of information regarding authentication requested by the aforementioned request information.

Furthermore, the function of the mobile communication device as set forth in the present invention can be also achieved by causing a computer to execute a program, and such a program can be loaded on a recording medium that can be read by a computer.

A method of authenticating by using the host computer and the mobile communication device as set forth in the present invention (hereinafter termed “the authentication method as set forth in the present invention”) is based on both the communications between the first communication terminal built into the service device and the host computer, and the communications between the host computer and the mobile communication device (the second communication terminal). Higher reliability of authentication can be achieved thereby. In this way, when various kinds of products and services are provided, appropriate authentication processing can be achieved while guaranteeing maximum convenience for the customer.

Furthermore, in the authentication method as set forth in the present invention, in the communication between the host computer and the mobile communication device (the second communication terminal), the user may be asked for his ID information (identification information) or information regarding the personal attributes of the user, and authentication may be performed based on the response thereto.

Furthermore, in the service device as set forth in the present invention, a card reader for reading the information from the storage medium whereon the user's ID information is stored is further provided, and the service device can read the ID information of the storage medium, and the authentication method as set forth in the present invention is such that the first communication terminal transmits the ID information read by the card reader to the host computer, and the host computer notifies the mobile communication device (the second communication terminal) of the ID information based on this information and confirms the response of the mobile communication device (the second communication terminal) thereto. In this way, convenience and reliability can be increased while a conventional storage medium is used.

Furthermore, in the authentication method as set forth in the present invention, in the communication between the host computer and the mobile communication device (the second communication terminal), the identifiable communication information between the first communication terminal and the mobile communication device (the second communication terminal) is notified to the mobile communication device, and this information is confirmed by comparison with the information necessary for authenticating a communication history, a control transfer history, or the like and the authentication is performed based on the confirmation result thereof. This enables a further increase in the reliability of authentication.

Furthermore, in the authentication method as set forth in the present invention, a plurality of authentication levels, and a control transfer permission condition relating to each authentication level, are stored in advance in the second storage means of the host computer or the third storage means of the service device so that an authentication level can be selected according to the object of the authentication when the user desires the authentication of the party in question. That is, the authentication level can be selected by comparing the past service provision history with the services to be provided at present.

Furthermore, in the authentication method as set forth in the present invention, when the object of the authentication is to purchase products, the products are compared with the price for the products and the past product purchase history, and the authentication level is selected based on the result of the comparison. Increased convenience can be achieved thereby.

Furthermore, in the present invention, the host computer may automatically analyze trends in product purchasing by the user and compare the analysis result with said products.

Furthermore, in the authentication method as set forth in the present invention, when the object of the authentication is to purchase a product, the authentication level can be selected based on at least any one of cost of service, service provision region, service provision frequency and a total sum of money for the service provided. Increased convenience can be achieved thereby.

Furthermore, in the present invention, the service device may be equipment capable of providing a product to the user and may provide the product after confirming a billing process for the user after the authentication of the person in question.

Furthermore, in the authentication method set forth in the present invention, the first communication terminal and the host computer are connected by a mobile communication line, and the host computer and the mobile communication device (the second communication terminal) are connected by the mobile communication line. The degree of freedom in the installation location, etc. of the first communication terminal is increased thereby.

Furthermore, in the authentication method set forth in the present invention, the first communication terminal and the host computer are connected by a fixed line, and the host computer and the mobile communication device (the second communication terminal) are connected by a mobile communication line. The communication reliability of the first communication terminal is increased thereby.

Furthermore, in the authentication method as set forth in the present invention, when a line condition is not good between the mobile communication device (the second communication terminal) and the host computer, communication that should be performed between the mobile communication device (the second communication terminal) and the host computer is executed between the first communication terminal and the host computer. Line problems can be handled easily thereby.

The descriptions in the specification and/or the drawings of Japanese Patent Application 2000-193957, which is the foundation for the priority of the present patent application, are incorporated [by reference] into the present specification.

BRIEF DESCRIPTION OF THE DRAWINGS

FIG. 1 is a block diagram illustrating the structure of a first embodiment of an authentication system as set forth in the present invention;

FIG. 2 is a block diagram illustrating the structure of a second embodiment of an authentication system as set forth in the present invention;

FIG. 3 is a block diagram illustrating the structure of a third embodiment of an authentication system as set forth in the present invention;

FIG. 4 is a block diagram illustrating the structure of a fourth embodiment of an authentication system as set forth in the present invention;

FIG. 5 is a diagram illustrating modified examples of the structures of the first and second communication terminals in the authentication system of FIG. 3;

FIG. 6 is a flow chart illustrating the overall flow in an authentication system as set forth in the present invention; and

FIG. 7 is a flow chart illustrating the flow of adjustment of the authentication level in an authentication system as set forth in the present invention.

BEST MODE FOR CARRYING OUT THE INVENTION

Next, embodiments of authentication systems constituted using a host computer, a mobile communication device, a program, and a recording medium as set forth in the present invention (hereinafter termed “the authentication system as set forth in the present invention”) will be described based on the drawings.

FIG. 1 illustrates a structure of a first embodiment of an authentication system as set forth in the present invention, illustrating an authentication system having a card reader system (CRS) for reading a storage medium (CC) for storing user ID information, such as a credit card. A card reader (CR) is connected to the card reader system CRS (service device), and the first communication terminal (PD1) (in this case, for mobile communication) of a built-in type (embedded type) is incorporated into the card reader system CRS, and the user (customer) can communicate with a host computer (HC) of an authentication control company (BS) through the first communication terminal PD1. The authentication control company BS is, for example, a communication service company, and performs the authentication control for a plurality of product supplier companies (SP1 to SP3) (and while three companies are shown in the drawing, the [actual] number is discretionary) according to product purchasing statuses in the card reader system CRS (service device). The product supplier companies SP1 to SP3 include not only service providing companies that provide services such as credit services, cash services, and the like, but also product supplier companies that provide various products, as shown in Table 1, via the Internet and, additionally, include financial institutions, securities companies, real estate companies, mass communication-related companies such as satellite broadcasting, cable television, newspapers, radio broadcasting, publishing and the like, and so forth.

Here, for convenience, processing devices of the product supplier companies SP1 to SP3 are also designated as SP1 to SP3. These processing devices SP1 to SP3 are connected to a host computer HC of the authentication control company BS via a public communication line or dedicated line.

TABLE 1 Examples of Provided Products

Provided Products

Internet Contents:
    Product information, corporate information and other information provision services
    Music distribution services
    Book distribution services
    Game distribution services
    Services for providing image information such as photographs, paintings and the like
Internet mall, shopping channel:
    Various kinds of products, monetary notes
Finance:
    Internet banking
Securities:
    Brokerage of securities trading
Real estate:
    Brokerage of real estate trading
Mass Communication:
    Satellite broadcasting, cable television
    Newspapers, publication
    Radio

The host computer HC comprises: a first receiving means for receiving the collation information for requesting an authentication of the person in question from the service device; a second transmitting means for transmitting request information for requesting information regarding authentication to a mobile communication device (PD2) (the second communication terminal; in this case, a portable telephone) in response to the reception of the collation information by the first receiving means; a second storage means (MEM2) for storing the information regarding the authentication of a plurality of persons; a second receiving means for receiving information regarding authentication from the mobile communication device (the second communication terminal); the comparison means for comparing information regarding authentication received by the second receiving means with information regarding authentication stored in the second storage means MEM2; and a first transmitting means for transmitting authentication information for authenticating the person in question to the service device according to the result of comparison by the comparison means.

Furthermore, the mobile communication device (the second communication terminal) PD2 comprises: a third receiving means for receiving the request information for requesting information regarding authentication from the host computer HC; a first storage means (MEM1) for storing information regarding authentication; and a third transmitting means for transmitting information regarding authentication stored in the first storage means MEM1 to the host computer HC in response to the reception of request information by the third receiving means.

An authentication method using a host computer HC and a mobile communication device (the second communication terminal) PD2 will be described next.

First, collation information for requesting the authentication of the party in question is transmitted from a first communication terminal PD1 of the service device (card reader system) CRS to a host computer HC.

When the host computer HC receives collation information, for requesting the authentication of the party in question, from the first communication terminal PD1 through a first receiving means, [this host computer HC] transmits request information, for requesting information regarding authentication, to a mobile communication device (a second communication terminal) PD2 through a second transmitting means in response to the reception of the collation information by the first receiving means.

When the mobile communication device (the second communication terminal) PD2 receives request information, for requesting information regarding authentication from the host computer HC, through a third receiving means, [the mobile communication device (the second communication terminal) PD2] transmits information regarding authentication, which is stored in the first storage means MEM1, to the host computer HC through the third transmitting means in response to the reception of request information by the third receiving means.

When the host computer HC receives the information regarding authentication from the mobile communication device (the second communication terminal) PD2 through the second receiving means, [the host computer HC] compares the information regarding authentication received by the second receiving means with information regarding authentication stored in second storage means MEM2 through the use of comparing means, and transmits authentication information for authenticating the party in question to the first communication terminal PD1 of the service device (card reader system) CRS, through the first transmitting means, according to the query result.

While conventionally a signature by the user has been required when executing an authentication procedure as to whether or not the use of a storage medium CC is legal, in the present embodiment, in order to reduce the load on the user and to speed up authentication processing, when the use of the CC storage medium is communicated as the collation information to the host computer HC from the card reader system CRS, the host computer HC of the authentication control company BS communicates with the second communication terminal PD2 (mobile communication device, portable telephone) owned by the user and requests information regarding authentication (sends request information).

The second communication terminal PD2 is provided with the storage means MEM1 for storing the user ID information, and, in response to the request from the host computer HC, the user ID information (information regarding authentication) is read from the first storage means MEM1 and sent back to the host computer HC. When the host computer HC receives the user ID information from PD2, [the host computer HC] compares the ID information with information regarding authentication stored in second storage means MEM2 through the use of comparing means. If the use of the storage medium CC is legal, the authentication of the party in question is established and the reliability of the authentication can be increased thereby.

Conversely, the host computer HC accumulates in advance, in the second storing means MEM2, information regarding the personal attributes of the user, and asks a question regarding the personal attributes of the user to the second communication terminal PD2. The host computer HC can confirm that the use of the storage medium CC by the user is legal when the user operates the second communication terminal PD2 to answer the question to the host computer HC and the answer (information regarding the personal attributes) is correct. Furthermore, the second communication terminal PD2 can also transmit information selectively, to the host computer HC, regarding the type of the authentication requested by request information from the host computer HC.

To a user skilled in operating the second communication terminal (portable telephone) PD2, an authentication process using the second communication terminal PD2 is extremely simple when compared to the inputting of the signature. Furthermore, the confirmation of the second communication terminal PD2 in addition to the ID information of the storage medium CC can increase the reliability of the authentication remarkably.

When the authentication of the party in question is completed in the host computer HC, the authentication information is transmitted to the first communication terminal PD1 from the host computer HC. The notification of this authentication is performed by transmitting a specific authentication code or the like.

Furthermore, the mobile communication device (the second communication terminal) PD2 comprises a fourth transmitting means for transmitting information regarding authentication to the service device and the convenience and reliability of authentication can be increased even more through the addition, to the conditions of the authentication, of communication between the first communication terminal PD1 and the second communication terminal PD2. For example, the user ID information and other information are transmitted from the second communication terminal PD2 to the first communication terminal PD1, and the first communication terminal PD1 transmits, to the host computer HC, this information, which was sent from the second communication terminal PD2, together with the ID information of the storage medium CC. The host computer HC is provided with second storage means MEM2, where this second storage means MEM2 stores a correspondence relationship (any information regarding the communication history or the control transfer history of the individual user using the card reader system CRS) between the user ID information and the second communication terminal PD2 of the user, and, based on this correspondence relationship, the host computer HC transmits the ID information of the aforementioned storage medium CC and information regarding the correspondence relationship to the second communication terminal PD2. The second communication terminal PD2 compares this information transmitted from the host computer HC with the communication history, the control transfer history, or the like stored in the first storage portion MEM1 of the second communication terminal PD2, and, if there is a match, a reply to that effect is returned to the host computer HC.

As described above, in the present embodiments, various types of authentication procedures can be used, by determining a reference for selecting the authentication procedure according to the purpose of the authentication, to achieve optimal convenience and reliability. For example, when the purpose of the authentication is to purchase a product, the authentication level can be set by the price thereof as shown in Table 2, and the authentication procedure for this can be set as shown by Table 3.

TABLE 2 Examples of the authentication levels

Authentication Level 1: The price of the product is equal to or less than a first specific value. The first specific value is, for example, ¥5,000.
Authentication Level 2: The price of the product is more than the first specific value and is equal to or less than a second specific value. The second specific value is, for example, ¥10,000.
Authentication Level 3: The price of the product is more than the second specific value.

TABLE 3 Examples of control transfer permissions

Authentication Level 1: It is unconditionally authenticated. However, confirmation after the fact is made regarding the second communication terminal.
Authentication Level 2: Authentication control company BS makes a prior confirmation regarding the second communication terminal PD2 about product purchases.
Authentication Level 3: Authentication control company BS makes a prior confirmation regarding the first communication terminal PD1 and the second communication terminal PD2 about product purchases.

That is, when the price of the product is equal to or less than the first specific value, there is unconditional authentication as authentication level 1. However, a prior confirmation is executed to the second communication terminal PD2. When the price of the product is more than the first specific value and is equal to or less than the second specific value, the authentication control company BS makes a prior confirmation about the purchase of the product regarding the second communication terminal PD2, as authentication level 2. When the price of the product is more than the second specific value, the authentication control company BS makes a prior confirmation about the purchase of the product regarding the first communication terminal PD1 and the second communication terminal PD2, as authentication level 3.

The first receiving means of the host computer HC is provided with authentication selecting means for receiving information regarding the services provided from the service device and selecting the authentication level according to this information regarding the services, enabling the authentication procedure to be changed according to the authentication level. That is, the host computer HC stores the authentication levels and the authentication procedures in the second storage means MEM2, and when collation information for requesting the authentication of the party in question and information regarding the services are received from the first communication terminal PD1 through the first receiving means, the host computer HC selects the query level according to information regarding the services, referencing the second storage means MEM2, through the use of the authentication selection means. After that, in order to perform the authentication procedure based on the authentication level, either request information for requesting information regarding authentication is sent to the mobile communication device (the second communication terminal) through the second transmitting means for a prior confirmation, or a confirmation is performed after the fact. In the case of the prior confirmation, authentication information for authenticating the party in question according to the comparison result is sent to the first communication terminal PD1 of the service device (card reader system) CRS through the first transmitting means.

When the authentication by the host computer HC is not necessary, such as in the process for authentication level 1, storing the authentication levels and the authentication procedure in the third storage means MEM3 of the first communication terminal PD1 in advance enables the first communication terminal PD1, that is, the card reader system CRS (service device), to provide the product to the user without waiting for the reception of an authentication code from the host computer HC, if it is confirmed that the price of the product is equal to or less than the first specific value. However, a confirmation after the fact is made regarding the second communication terminal and, after the fact, the product supplying company SP is notified to that effect via the host computer HC.

FIG. 2 illustrates a second embodiment, wherein the first communicationterminal T1 of a fixed line is used in place of the first communicationterminal PD1 (for mobile communication) of the first embodiment. Thefirst communication terminal T1 is built into the card reader system CRS(service device). The other constituent components are identical tothose of the first embodiment, so descriptions thereof will be omitted.The aforementioned structure enables the application of theauthentication system of the present invention, even in cases where thestatus of the mobile communication line in the location of installationof the service device is not good.

When the first communication terminal T1 of the fixed line is used, theauthentication procedure by the communication between the secondcommunication terminal PD2 and the host computer HC can be also executedby the communication between the first communication terminal T1 and thehost computer HC. This is effective when the line status of the secondcommunication terminal is bad.

FIG. 3 illustrates a third embodiment for authentication in a televisionTV (service device) that can connect to the Internet. A firstcommunication terminal PD1 (in this case, for the mobile communication)of a built-in type (embedded type) is built into the television TV,where the television TV can communicate with the authentication controlcompany BS via the first communication terminal PD1.

The owner or the manager of the service device TV can access a varietyof product supplier companies by a specific authentication procedureusing the first communication terminal PD1, and the use of the videodisplay functions and distribution functions of the television reduceslimitations on the products that can be traded, remarkably invigoratingeconomic activities.

Furthermore, if the use of television TV by a large number ofunspecified customers is enabled, a broad range of customers' needs canbe handled, thus invigorating economic activities even further. However,in this case, it is necessary to perform billing appropriately forcustomers who used the television TV (service device), and there is aconcern that the authentication and the billing procedure of theindividual customers may become complicated.

Additionally, in the present embodiment, when the charges for thepurchase of products are to be borne by individual customers, a “controltransfer mode” can be set up wherein control regarding charges istransferred to the customer's side. When the “control transfer mode” isset up, a plurality of customers perform payment processes after theyhave been authenticated, making it impossible for the owner or themanager of the service device to be charged.

The customer (not shown) calls a first communication terminal PD1 (usedby a plurality of customers) from a second communication terminal PD2 (amobile communication device, in this case, a portable telephone) ownedby the customer, and inputs a specific code (a number, a code, or thelike), so that the service device TV can be used for the purpose of thebilling of the customer. Guaranteeing the customer to be a legal throughthe authentication of the second communication terminal PD2 in this wayenables customer authentication such that the second communicationterminal PD2 itself is taken as the ID information, enabling appropriatebilling to be performed. Additionally, customer authenticationoperations are relatively simple, not compromising convenience.

At this time, information regarding billing is sent from the first communication terminal PD1 to the host computer HC of the authentication control company BS. Accordingly, regardless of whether or not the “control transfer mode” is used, information regarding billing may be transmitted together with information regarding authentication, and it is not necessary to change the form of the transmission for billing information on the service device TV.

When a specific “condition” is satisfied, the authentication control company BS permits the supply of a product by confirming the customer billing process. The authentication levels and conditions are the same as those of the embodiment described above.

Although the authentication levels in Table 2 are set by the prices of the product alone, they can be adjusted based on the history of products purchased from the second communication terminal PD2, as shown in Table 4.

TABLE 4. Example of adjustments of authentication levels.

Authentication Level not modified:
(1) When the product purchase history of the second communication terminal PD2 recorded at the authentication control company BS is less than a specific value. The specific value is set by comprehensively judging the number of purchase times and the purchase amount of money.
(2) When the product purchase history of the second communication terminal PD2 recorded in the first communication terminal PD1 is less than a specific value. As with (1), the specific value is set by comprehensively determining the number of purchases and the amount of purchases.

Authentication Level lowered by 1:
(1) When the product purchase history of the second communication terminal PD2 recorded in the authentication control company BS is more than a specific value.
(2) When the product purchase history of the second communication terminal PD2 recorded in the first communication terminal PD1 is more than a specific value.

In the evaluation of the purchase history in Table 4, if for example, the purchase amount of money of ¥100,000 is taken as the specific value of the purchase history as the condition for legal use, a comprehensive evaluation is made, such as calculating 10 purchases as being equivalent to ¥10,000 of purchases, and adding this to the purchase history, even if the purchase amount of money is less than ¥100,000.

Furthermore, the authentication level may be selected by comparing the past service provision history with the services to be provided at present, or the authentication level may be selected based on at least any one of the cost of services, service provision area, service provision frequency and the total sum of money for the services provided.

As described above, appropriately simplifying the authentication procedure according to the authentication level can remarkably increase the convenience of the service device regarding the product provision.

Note that other parameters, for example, the geographic area of the first communication terminal, the first communication terminal itself, the type of product, or the like, may also be used for setting and adjusting the authentication levels.

Moreover, in the host computer HC, automatic analysis of product purchasing trends by the user may be used to lower the authentication level for a purchase of a product conforming to the analysis result, and to raise (increase the strictness of) the authentication level for the purchase of a product deviating from past trends.

FIG. 4 illustrates a fourth embodiment wherein a first communication terminal T1 of a fixed line is used in place of the first communication terminal PD1 (for the mobile communication) in the third embodiment. The other constituent components are identical to those of the third embodiment, so descriptions thereof will be omitted. The aforementioned structure enables the application of the billing system of the present invention, even if the status of the mobile communication line in the location of installation of the service device is not good. Note that a structure can be used wherein the service device TV is used as the first communication terminal T1 and a telephone TV [sic] (T1) with a fixed line is used.

FIG. 5 illustrates a modified example of the structure of a first communication terminal (for mobile communication) PD1 and a second mobile communication terminal (mobile communication device, portable telephone) PD2 in the third embodiment. Label tags TG1, TG2 are built into the first and second mobile communication terminals PD1, PD2, respectively, and these label tags send intrinsic signals of the first and second communication terminals PD1, PD2. The signals of label tags TG1, TG2 are received respectively by the antennas of the first and second communication terminals PD1, PD2 and, when both are detected by each other, the service device TV transmits billing information as billing for the second communication terminal PD2 to the authentication control company BS. That is, the first and second communication terminals PD1, PD2 operate as non-contact sensors and detect the electrical indexes issued by label tags TG1, TG2. The automatic detection of PD1 and PD2 by each other in this way eliminates the necessity of performing cumbersome operations such as calling the first communication terminal PD1 from the second communication terminal PD2 and inputting a code.

Obviously, radio communications by Bluetooth standards can be used in place of the communications by label tags. Additionally, the authentication control company BS may be the same as the product supplier company, simplifying the authentication system.

FIG. 6 is a flowchart illustrating one example of the overall flow of the authentication system based on the control transfer request. Here, the adjustment of the authentication level shown in Table 4 is not performed, and a process is shown wherein only the conditions of Table 2 and Table 3 are used.

First, an operation wherein the second communication terminal PD2 calls the first communication terminal PD1, or the like, and determines whether or not a request for the control transfer has been made (Step S41), and the process is terminated if no request has been made.

If a request for control transfer has been made, the request details, namely, the product to be purchased, the prices thereof, and the like, and information regarding authentication such as the ID information regarding billing of the customer, and the like, are transmitted from the second communication terminal PD2 to the authentication control company BS (Step S42). In the first communication terminal, a determination is made, from the product prices and based on Table 2 and Table 3, whether or not the prices are of a low level not requiring an approval from the authentication control company BS, where if the approval is not required, the product is provided immediately (Step S45). If the approval is required, the product is provided (Step S45) when the approval from the authentication control company BS is granted (Step S44), and if the approval is not granted, a declined notification is provided to the second communication terminal PD2 (Step S46).

After the product is provided, a determination is made based on the Authentication Level 1 in Table 3 as to whether or not a confirmation is required after the fact (Step S47), and if confirmation is required after the fact, information regarding the purchase of the product, and the like, is sent from the authentication control company BS to the second communication terminal PD2, or the like (Step S48).

FIG. 7 is a flowchart illustrating the process flow in an authentication system that performs the adjustment of authentication levels shown in Table 4.

First, an operation wherein the second communication terminal PD2 calls the first communication terminal PD1, or the like, to determine whether or not a request for control transfer has been made (Step S51), and the process is terminated if no request has been made.

If a request for control transfer has been made, a tentative evaluation of the authentication level is made based on the prices of the product to be purchased and based on Table 2 (Step S52). Here the request details, namely, the product to be purchased, the price thereof, and the like, and information regarding authentication such as the ID information regarding billing of the customer, and the like, are transmitted from the second communication terminal PD2 to the authentication control company BS (Step S53). Next, in the first communication terminal, a determination is made based on the product price as to whether or not the product is of a low level that does not require the approval of the authentication control company BS, and if approval is not required, the product is provided immediately (Step S58). If the approval is required, it is determined whether adjustment of the authentication level is required or not based on Table 4 in the authentication control company BS, and if adjustment is required, the process returns to Step S54 after the adjustment of the authentication level. If adjustment is not required or has become unnecessary because of adjustment of the authentication level, the process advances to the decision (Step S57) as to whether the authentication is approved or not in the authentication control company BS.

If the approval is granted in Step S57, the product is provided (Step S58), but if the approval is not granted, the second communication terminal PD2 is notified that the approval is declined (Step S59).

After a product is provided, as with Authentication Level 3, a determination is made as to whether or not a confirmation is required after the fact (Step S60), and if confirmation is required after the fact, information regarding the purchase of the product, or the like, is sent from the authentication control company BS to the second communication terminal PD2 (Step S61).
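The level selection of FIG. 7 with the Table 4 adjustment can be sketched as follows; this is an added example, not code from the patent. The two price thresholds, the `PurchaseHistory` structure and the function names are assumptions (Table 2 is not reproduced in this section), and the confirmations required per level follow claim 5.

```python
from dataclasses import dataclass

# Assumed price bands in yen. Table 2 is not reproduced in this section,
# so these two thresholds are placeholders, not values from the patent.
FIRST_THRESHOLD = 1_000
SECOND_THRESHOLD = 10_000

# From the text: ¥100,000 is the "specific value" of the purchase history,
# and 10 purchases are counted as equivalent to ¥10,000 of purchases.
HISTORY_SPECIFIC_VALUE = 100_000
YEN_PER_PURCHASE = 10_000 // 10


@dataclass(frozen=True)
class PurchaseHistory:
    """Purchase record kept for terminal PD2 (hypothetical structure)."""
    total_amount: int = 0     # yen spent so far
    purchase_count: int = 0   # number of past purchases

    def score(self) -> int:
        # "Comprehensive evaluation": amount plus a yen credit per purchase.
        return self.total_amount + self.purchase_count * YEN_PER_PURCHASE


def tentative_level(price: int) -> int:
    """Tentative evaluation from the price alone (Step S52)."""
    if price <= FIRST_THRESHOLD:
        return 1
    if price <= SECOND_THRESHOLD:
        return 2
    return 3


def adjusted_level(price: int, history: PurchaseHistory) -> int:
    """Table 4: lower by 1 only when the history exceeds the specific value."""
    level = tentative_level(price)
    # Level 1 needs no approval, so there is nothing to adjust (never below 1).
    if level > 1 and history.score() > HISTORY_SPECIFIC_VALUE:
        level -= 1
    return level


def required_confirmations(level: int) -> set:
    """Claim 5: none, mobile device only, or mobile device plus terminal."""
    return {1: set(), 2: {"mobile"}, 3: {"mobile", "terminal"}}[level]


def decide(price: int, history: PurchaseHistory, confirmations: set) -> str:
    """Approve only when every confirmation the level requires was received."""
    missing = required_confirmations(adjusted_level(price, history)) - confirmations
    return "decline" if missing else "provide"


if __name__ == "__main__":
    # Constructed sample: ¥95,000 spent over 10 purchases scores ¥105,000.
    regular = PurchaseHistory(total_amount=95_000, purchase_count=10)
    print(adjusted_level(50_000, regular))                 # lowered from 3
    print(decide(50_000, PurchaseHistory(), {"mobile"}))   # terminal missing
```

Because the adjustment is keyed to the history recorded for PD2 itself, whoever holds that terminal gets the lowered level; the sketch lowers by a single step, as Table 4 specifies, and only on a strictly greater score.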

Obviously, the control transfer for billing can be applied to any service device using any communication terminal other than the television TV.

The mobile communication device of the present invention is also embodied by a program that causes a computer to function as the present mobile communication device. This program may be stored on a recording medium capable of being read by a computer.

The recording medium that stores this program may be the first storage means MEM1 itself, shown in FIG. 1, or a CD-ROM, or the like, wherein a program reading unit such as the CD-ROM drive, or the like, is provided as the external storage unit, where the CD-ROM can be read thereby through the insertion of the recording medium.

Furthermore, the aforementioned recording medium may be a magnetic tape, a cassette tape, a floppy disc, a hard disc, MO/MD/DVD, or the like, or a semiconductor memory.

INDUSTRIAL APPLICABILITY

The present invention enables the provision of an authentication system that can provide an appropriate authentication process while guaranteeing the maximum convenience for the customer, when various kinds of products and services are provided, as well as a host computer, mobile communication device, program and recording medium for use in said authentication system.

1. A method comprising: receiving, at a processing device, a first request for a transaction from a communications device, the first request comprising information of a customer to be authenticated and a price of a product or service to be purchased by the customer; setting, using the processing device, an authentication level based on the price; transmitting, from the processing device, a second request to a mobile communications device of the customer; receiving, at the processing device, authentication information from the mobile communications device, the authentication information comprising identification information of the customer; and transmitting, from the processing device, the authentication information to the communications device.
2. The method of claim 1, wherein the setting comprises: selecting a first authentication level if the price is equal to or less than a first threshold; selecting a second authentication level if the price is greater than the first threshold and equal to or less than a second threshold; and selecting a third authentication level if the price is greater than the second threshold.
3. The method of claim 2, further comprising: storing a purchase history of the customer in the processing device or the communications device, wherein the purchase history comprises a frequency of purchase and a purchase amount of the product or service; and setting the first threshold and the second threshold based on the purchase history.
4. The method of claim 2, wherein the selecting further comprises: analyzing, using the processing device, a purchasing trend of the customer for the product or service; increasing, using the processing device, the first threshold to be the price if the price approximates the purchasing trend; and decreasing, using the processing device, the first threshold to be below the price if the price does not approximate the purchasing trend.
5. The method of claim 4, further comprising: unconditionally authenticating the transaction if the first authentication level is selected; authenticating the transaction after receiving a first confirmation from the mobile communications device in response to the second request if the second authentication level is selected; and authenticating the transaction after receiving the first confirmation from the mobile communications device in response to the second request and receiving a second confirmation from the communications device, in response to a third request from the processing device to the communications device, if the third authentication level is selected.
6. The method of claim 1, wherein the authentication level is based on at least one of: a location of the communications device; a physical characteristic of the product or service; and a frequency of purchase of the product or service.
7. A method comprising: receiving, at a host computer, a first request for a transaction from a communications terminal, the first request comprising information of a customer to be authenticated and information identifying a parameter of the transaction; setting an authentication level based on the parameter of the transaction; transmitting, from the host computer, a second request to a mobile communications device of the customer; receiving, at the host computer, authentication information from the mobile communications device, the authentication information comprising identification information of the customer; and transmitting, from the host computer, the authentication information to the communications terminal.
8. The method of claim 7, wherein the setting comprises: selecting a first authentication level if the parameter is within a first threshold; selecting a second authentication level if the parameter exceeds the first threshold and is within a second threshold; and selecting a third authentication level if the parameter exceeds the first threshold and the second threshold.
9. The method of claim 8, further comprising: unconditionally authenticating the transaction if the first authentication level is selected; authenticating the transaction after receiving a first confirmation from the mobile communications device in response to the second request if the second authentication level is selected; and authenticating the transaction after receiving the first confirmation from the mobile communications device in response to the second request and receiving a second confirmation from the communications terminal, in response to a third request from the host computer to the communications terminal, if the third authentication level is selected.
10. The method of claim 8, wherein the parameter is one or more of: a price of the transaction for a product or service; a location of the service terminal; a physical characteristic of the product or service; and a frequency of purchase by the customer of the product or service.
11. The method of claim 10, further comprising: storing a purchase history of the customer in the host computer or the communications terminal, wherein the purchase history comprises the frequency of purchase and the price of the transaction; and setting the first threshold and the second threshold based on the purchase history.
12. The method of claim 10, further comprising: storing a transaction history of the customer in the host computer or the mobile communications device, wherein the transaction history comprises a location of the communications terminal; and setting the first threshold and the second threshold based on a geographic area produced from the transaction history.
13. The method of claim 10, further comprising: storing the frequency of purchase of the product or service by the customer in the host computer or the communications terminal; and setting the first threshold and the second threshold based on the frequency of purchase of the product or service.
14. The method of claim 10, further comprising: analyzing, using the host computer, a purchasing trend of the customer for the product or service; increasing, using the host computer, the first threshold to be the price if the price approximates the purchasing trend; and decreasing, using the host computer, the first threshold to be below the price if the price does not approximate the purchasing trend.
15. A computer-readable storage device having instructions stored thereon that, upon execution by a host device, cause the host device to perform operations comprising: receiving a first request for a transaction from a communications device, the first request comprising information of a customer to be authenticated and information identifying a price of a product or service to be purchased in the transaction; setting an authentication level based on the price of the transaction; transmitting a second request to a mobile communications device of the customer; receiving authentication information from the mobile communications device, the authentication information comprising identification information of the customer; and transmitting the authentication information to the communications device.
16. The computer-readable storage device of claim 15, wherein the setting comprises: selecting a first authentication level if the price is equal to or less than a first threshold; selecting a second authentication level if the price is greater than the first threshold and equal to or less than a second threshold; and selecting a third authentication level if the price is greater than the second threshold.
17. The computer-readable storage device of claim 16, further comprising: unconditionally authenticating the transaction if the first authentication level is selected; authenticating the transaction after receiving a first confirmation from the mobile communications device in response to the second request if the second authentication level is selected; and authenticating the transaction after receiving the first confirmation from the mobile communications device in response to the second request and a second confirmation from the communications device, in response to a third request from the host device to the communications device, if the third authentication level is selected.
18. The computer-readable storage device of claim 16, further comprising: storing a purchase history of the customer in the host device or the communications device, wherein the purchase history comprises the frequency of purchase and the price of the transaction; and setting the first threshold and the second threshold based on the purchase history.
19. The computer-readable storage device of claim 16, wherein the selecting further comprises: analyzing a purchasing trend of the customer for the product or service; increasing the first threshold to be the price if the price approximates the purchasing trend; and decreasing the first threshold to be below the price if the price does not approximate the purchasing trend.
20. The non-transitory computer-readable storage device of claim 15, wherein the setting of the authentication level is based on one or more of: a location of the communications device; a physical characteristic of the product or service; and a frequency of purchase of the product or service.